Overview

overview

7

Static

static

1

Unconfirme...99.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-05-2024 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Unconfirmed 999399.exe

  • Size

    1.7MB

  • MD5

    1e257d2eb26ae30d19b3cc2c91c76b7c

  • SHA1

    826b93792cd116287e037d642564797e24f5cedb

  • SHA256

    734a5fb8e6fce6232a36f4b875576058773ae64b251d9f420532549fca505a4a

  • SHA512

    17cb9d1da022f7f497380347aa4a7fd26f4f16d8ef58737cfff6e0332b3a6884d13f91c0c0fba02afef13d92fac3fc4621e649d8589837df63f69a88adafa581

  • SSDEEP

    24576:n7FUDowAyrTVE3U5F/r5bOyUevB+C4kvZHMrcjpnMelbB+40:nBuZrEUIPgF4Y9nrpB+3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Unconfirmed 999399.exe
    "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 999399.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:344
    • C:\Users\Admin\AppData\Local\Temp\is-UGPOL.tmp\Unconfirmed 999399.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-UGPOL.tmp\Unconfirmed 999399.tmp" /SL5="$5022E,837551,832512,C:\Users\Admin\AppData\Local\Temp\Unconfirmed 999399.exe"
      2⤵
      • Executes dropped EXE
      PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-UGPOL.tmp\Unconfirmed 999399.tmp
    Filesize

    3.1MB

    MD5

    0b2ad80f9624e630994f39fef3cd626c

    SHA1

    1d6fe3ec6cddc1b0846a8be4359da1774d852ffc

    SHA256

    c3fae3bc5f5d8b9e3dd3ec53fab3767365df89292ed89d27c664be0dee731f76

    SHA512

    cd332be52aa6eae3e16c1d1a761ef6f36c0edfe0f0d4b5733064865a6606c96e05e689dcf4af87187020cc8b9be819b59730b897932d7bae6e87dd04b5086384

    Download Submit

  • memory/344-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/344-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/344-8-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/344-13-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3856-6-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3856-9-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3856-11-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download